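Recently another customer was infected with ransomware: all files on the computer were encrypted and their extension was changed to .help989. Analysis shows that the .help989 virus is similar to GlobeImposter 2.0 and uses 128-bit RES encryption. After infection it leaves behind a how_to_back_files.html file with the following content: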
All your data has been ciphered!
The only way of recovering your files is to buy a unique decryptor.
A decryptor is fully automatical, all your data will be recovered within a few hours after it’s installation.
For purchasing a decryptor contact us by email:
help989@protonmail.com
If you will get no answer within 24 hours contact us by our alternate emails:
help989@redchan.it
We assure full recovery after the payment.
To verify the possibility of the recovery of your files we can decipher 1 file for free.
Attach 1 file to the letter (no more than 25Mb). Indicate your personal ID on the letter:
********************************************
In reply we will send you an deciphered file and an instruction for purchasing an automatical decryptor for all your files. After the payment we will send you a decryptor and an instructions for protecting your computer from network vulnerabilities..
After on-site handling by Guorui IT engineers, the customer's data was 100% safeguarded and all core data was recovered.